I’m a big fan of two-factor security. Basically, two-factor (sometimes called multi-factor) security consists of something you know, like a password, and something have, like a key or a badge.

I employ two-factor security on my eBay and PayPal accounts. I also use two-factor security for my job when I am working from home. In both cases, I have to know my password plus type in a special code from a “token” device I physically possess. There have been a few times where I did not have the token in my possession, but for the most part I really like two-factor security.

Blizzard Entertainment, maker of very popular games like World of Warcraft, StarCraft, and StarCraft II, released their own two-factor authentication system in 2008. Players could opt for a physical device like the PayPal/eBay token and my RSA token from work, or install an application on their mobile device. I didn’t feel like paying (and keeping track of) another token, so I opted for the free mobile application.

Installation and configuration

Installation is simple: download the Battle.net Authenticator from the Android Market. Make sure you download the on made by Blizzard Entertainment, Inc. in case there are fake ones with similar names.

The application walks you through a brief setup procedure that involves verifying your account via email and logging into Battle.net. The setup process took me about five minutes.

Usage

Usage is also very easy. I created a shortcut for the Battle.net Authenticator on one of my HTC Droid Incredible’s desktops. I have to run the application each time I play StarCraft 2 or sign into Battle.net’s Web site.

The application generates a numerical passcode that I have to type in addition to my username and password. The passcode is used only once, and changes every few seconds. Two-factor security at work: something I know (user/pass) and something I have (mobile phone with the Authenticator running).

My one-time use passcode. The little bar underneath the numbers goes from left to right. When the bar reaches the right hand side, the numbers change.

For StarCraft 2, I enter my username, password, and Authenticator code all at the same time on the same screen. When I log into battle.net I enter my username and password on one screen. A second screen pops up and I have to type in my Authenticator passcode.

This is how eBay and Paypal work unless you know the secret about appending your SecurID passcode to the end of your eBay/Paypal password. Battle.net does not allow you to add the Authenticator code to the end of your password.

It’s an extra step, but I don’t sign in to Battle.net as to cause annoyance.

Living with the Authenticator

I really like having the Authenticator enabled on my accounts. I installed it to just try it out, and thought it would make for an interesting post. After running it for about a month, I intend to leave my account with the Authenticator enabled. I doubt anyone would hack my StarCraft 2 account, but some of my friends are very into World of Warcraft and have thousands of dollars in virtual goods and skills linked to their accounts.

Is the Authenticator something I’d recommend to everyone? Sure, why not? Especially if you have a mobile device and don’t have to buy the standalone keyfob ($6.95USD before shipping). Currently, Android OS, iPhone OS, Blackberry and most smartphones/feature phones are supported. Blizzard maintains a compatibility Web site if you want to check.

Recommended, mostly because it’s a “nice-to-have” feature. The application works great, but it isn’t necessary for just about everyone.